Easiest Way to Encrypt in Python

Photo by Jeremy Bishop on Unsplash

Anyone can copy-and-paste AES invocations from StackOverflow. But the hard part of data security is the key lifecycle management, crypto-agility, centralized controls, and secure key distribution mechanisms. You can skim 6 Questions to Ask Before Encryption Application Layer Data to get a better sense of the responsibilities that come with encrypting data. But in short, no one should be reinventing the wheel.

Luckily, we can just use Peacemakr to solve these hard problems.

Peacemakr’s E2E-Encryption Python SDK

Peacemakr provides E2E-Encryption-as-a-Service in an open-source Python SDK. Of course, it supports other languages too. Peacemakr uses a dedicated SaaS to provide centralized configuration management for all integrated clients. Under the hood, it handles the key lifecycle management, crypto-agility, centralized controls, and secure key distribution.

Unlike Key Management Services, Peacemakr is not a dev tool. It’s the full E2E-Encryption solution. It provides data confidentiality with encryption, but also non-repudiation (with signing), forward secrecy (with automated key rotation), tamper-detection (with HMACs), backward compatibility (through our SDK releases), and centralized control (in an admin portal) — all behind a simple and open-source interface.

Peacemakr: The Easiest way to Encrypt in Python

#1 Install Dependencies

Since the Peacemakr SDKs are open-source, you may download from the source directly on GitHub. Otherwise, just

$ pip install peacemakr

#2 Get a Peacemakr APIKey

E2E-Encryption requires access to the server. They have a demo APIKey to try it out without an account,

export PEACEMAKR_APIKEY=d1Maw58P2xCQ8d0GV15n22SQNI6lYXHzWLCTEvNPHnY=

However, to use your own keys, register for your free account at https://peacemakr.io. Once registered, browse to APIKey.

#3 Register your Client

Before we encrypt data, we need to register as a Peacemakr Client. Registering allows encryption keys to be delivered to your client. Registration requires an APIKey, client name, host, and a persister. For example,

import peacemakr as p
import peacemakr.factory as factory
api_key = "my-api-key-from-step-2-above"
persister = p.InMemoryPersister()
sdk = factory.get_crypto_sdk(api_key=api_key,
client_name="hello world",
peacemakr_hostname="https://api.peacemakr.io",
persister=persister
)
sdk.register()

#4 Finally, Encrypt your Data

Transform your data into a serialized binary format, and use peacemakr to encrypt it. When you’re ready to operate on your data again, decrypt it.

import osrandom_bytes = os.urandom(100)
encrypted_bytes = sdk.encrypt(random_bytes)
...decrypted_bytes = sdk.decrypt(encrypted_bytes)

It’s really that simple. You can read up on what is happening under the hood directly in our open source SDKs, on our website.

15+ Years experience leading security, Ex-Apple, Ex-Pure Storage, Ex-Symphony Communications, Co-Founder and CEO of Peacemakr, Lives in San Francisco.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store